Merge branch 'sanitize-bio' into 'develop'
mastodon api: sanitize the bio HTML See merge request pleroma/pleroma!282
This commit is contained in:
commit
a6d4cc8917
@ -36,7 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
|
|||||||
followers_count: user_info.follower_count,
|
followers_count: user_info.follower_count,
|
||||||
following_count: user_info.following_count,
|
following_count: user_info.following_count,
|
||||||
statuses_count: user_info.note_count,
|
statuses_count: user_info.note_count,
|
||||||
note: user.bio || "",
|
note: HtmlSanitizeEx.basic_html(user.bio) || "",
|
||||||
url: user.ap_id,
|
url: user.ap_id,
|
||||||
avatar: image,
|
avatar: image,
|
||||||
avatar_static: image,
|
avatar_static: image,
|
||||||
|
@ -20,6 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
|
|||||||
info: %{"note_count" => 5, "follower_count" => 3, "source_data" => source_data},
|
info: %{"note_count" => 5, "follower_count" => 3, "source_data" => source_data},
|
||||||
nickname: "shp@shitposter.club",
|
nickname: "shp@shitposter.club",
|
||||||
name: ":karjalanpiirakka: shp",
|
name: ":karjalanpiirakka: shp",
|
||||||
|
bio: "<script src=\"invalid-html\"></script><span>valid html</span>",
|
||||||
inserted_at: ~N[2017-08-15 15:47:06.597036]
|
inserted_at: ~N[2017-08-15 15:47:06.597036]
|
||||||
})
|
})
|
||||||
|
|
||||||
@ -33,7 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
|
|||||||
followers_count: 3,
|
followers_count: 3,
|
||||||
following_count: 0,
|
following_count: 0,
|
||||||
statuses_count: 5,
|
statuses_count: 5,
|
||||||
note: user.bio,
|
note: "<span>valid html</span>",
|
||||||
url: user.ap_id,
|
url: user.ap_id,
|
||||||
avatar: "http://localhost:4001/images/avi.png",
|
avatar: "http://localhost:4001/images/avi.png",
|
||||||
avatar_static: "http://localhost:4001/images/avi.png",
|
avatar_static: "http://localhost:4001/images/avi.png",
|
||||||
|
Loading…
Reference in New Issue
Block a user